1. Field of the Invention
The present invention relates generally to smart card systems and more specifically to a smart card system, device and method for providing a secure communication link between a remote central computer system and a smart card.
2. Background
The term “smart card” is typically used to refer to various types of devices having an embedded integrated circuit for storing information. The reference to “smart cards” within this disclosure includes both contact and non-contact cards (also referred to as proximity cards). Smart card communication devices are used to write information to the card and to read information from the card. Some smart card communication devices may only have the ability to read from or write to the smart card. Therefore, a smart card communication device may be a smart card reader, a smart card writer or both.
Typically, the smart card communication device is connected to a host computer that regulates transactions between the smart card and the smart card communication device. In some systems, however, the host computer may be part of the smart card communication device. Smart card systems may include any number of host computers and communication devices depending on the particular configuration and requirements of the system.
The smart card is a small, usually credit card shaped, device that contains at least a memory device for storing information and a transceiver to communicate with a smart card communication device. The smart card communication device communicates through the transceiver on the smart card to access the stored information. The smart card communication device may simply read the information, load the information into the memory device or modify existing data in the memory device. For example, if the owner of a smart card uses a smart card containing financial information to make a purchase, the smart card communication device can read the information including the owner's identity and the availability of funds. The smart card communication device can also deduct the purchase amount from the available funds if it has writing capabilities. Further, the communication device can store transaction data on the smart card including the time and location of the transaction in addition to the identity of the communication device.
Existing smart cards can be classified as either contact or non-contact smart cards. It is not necessary for non-contact smart cards (also referred to as proximity cards) to physically contact a smart card communication device to exchange data. Proximity cards typically employ modulated radio frequency (RF) field and impedance modulation techniques to transfer data between the proximity card and the proximity card communication device.
Smart cards have a variety of uses and can be utilized in any transaction that involves the exchange of data or information between individuals and an institution or between two or more individuals. For example, smart cards can be used to store information including medical records, financial information, vehicle maintenance information, pet information, and a variety of other information traditionally printed on paper or plastic or stored on cards having a magnetic stripe or an optical bar code. Smart card technology has been particularly useful in banking systems and other financial transaction systems. For example, smart card technology has been used effectively in mass-transit systems where the stored value on a smart card is decreased by an amount equal to the fare each time the passenger uses the card to gain access to or exits from the mass-transit system. As described above, other information may be stored or modified on the card such as the time and location of transaction.
Although some smart card systems provide a method for owners to modify or read information on their smart card, these methods are limited in that the smart card communication interface required to perform the modification or other transaction is located in a public place. For example, in mass transit fare collection systems, the smart card owner can typically only add or check the value of the smart card at a smart card dispensing machine located at the mass transit terminal or gate. In other types of systems, the smart card owner may desire to make a purchase or engage in on line banking from the home or office using their smart card. Therefore, there is a need for a system and method that allows smart card owners to access or use their smart cards in locations other than public areas. Particularly, there is a need for system and method for checking or adding to the value of smart card from the customer premises or other convenient location.
Some systems have been suggested that include coupling a smart card to a laptop or personal computer (PC). These systems are limited in that they do not provide connectivity to a remote central computer system and require either the PC or the reader to perform security functions. This allows the security to be compromised since the security information is accessible in either the local processor or the smart card communication device. For example, many smart communication protocols require the use of security device such as a Security Access Module (SAM) that must be implemented in the PC or reader. Many security devices implement physical security protection such as automatic destruction techniques if an attempt is made to physically access the internal components. These techniques however, are not completely effective and security can be compromised. In addition, the transactions performed by the PC, laptop computer or the reader can be observed to determine security techniques used to communicate with the smart card.
An example of a suggested system discussed above, includes the system proposed in U.S. Pat. No. 5,664,157, issued to Takahira et al., which shows a laptop computer coupled to a smart card reader. This proposed system is limited in that the smart card is not coupled to a central computer system. Accordingly, the smart card cannot be used to make electronic purchases through a network. Further, since no connection is made with a central computer system that manages transactions, no value can be added to the smart card.
U.S. Pat. No. 5,623,637, issued to Jones et al., describes a host personal computer that couples a smart card reader to a remote computer. In this proposed system, the host computer must perform encryption and decryption functions to communicate with the smart card. This allows the security to be compromised since the security information is accessible.
In addition to the limitation described above, known systems require the modification of software, hardware or both within the computer or smart card communication device to enable communication with a smart card utilizing a new security function. Since effective communication is dependent upon either the smart card communication device or the computer performing security functions, one of the two devices must be modified if a new security function is implemented in a smart card.
Therefore, there is need for a smart card communication device, system and method for establishing a secure communication link between a smart card and a remote central computer system through a network.